MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a026d098163797c17ff2c9e6b61464b4dfe8defeb1dc557cc20b99ce5b4f9ea5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a026d098163797c17ff2c9e6b61464b4dfe8defeb1dc557cc20b99ce5b4f9ea5
SHA3-384 hash: 32acd0ed7162c3ff053c6a31c463724c8129a5df8414c2fc927938556a07df2f2f30fce4b1b8630e9956e50520177060
SHA1 hash: 22590b55d37bb9b585347f855ba893e37d5a747b
MD5 hash: a8d3943a8da4717bb569474900dbc703
humanhash: river-spaghetti-georgia-pluto
File name:a8d3943a8da4717bb569474900dbc703
Download: download sample
File size:1'426'944 bytes
First seen:2021-11-20 18:41:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ce919e1897288d41cd87bbb1edcd434c
ssdeep 24576:HnLw0wRJXSBtrvY3+hB5CC/QixBOD0la9I4QTD0X:HD0BSzrA3cBbQ4BJa9q8X
Threatray 144 similar samples on MalwareBazaar
TLSH T192658E4AA3A901ECD0ABD278CA529607E7B17C0107349BDF13D55B6A2F23BE15E7E710
Reporter zbetcheckin
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
98
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
https://freemicrosofttoolkit.com/
Verdict:
Malicious activity
Analysis date:
2021-11-20 13:21:21 UTC
Tags:
trojan rat redline evasion stealer loader opendir vidar raccoon
Link:
https://app.any.run/tasks/7bf08438-4de8-4f13-b77a-a9447ddaff30

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Gathering data
Detection(s):
Win.Malware.Spyagent-9830839-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
DNS request
Sending an HTTP GET request
Reading critical registry keys
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
cerbu fingerprint greyware spyagent
Link:
https://www.filescan.io/uploads/6199417cd0c3a45787fb8ade/reports/a1a3cf77-14c5-47d7-a343-3f80c9be48c3/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/96522654-8d54-489c-8ab4-5570381306ec
Result
Threat name:
Generic malware
Create hunting rule
Detection:
malicious
Classification:
troj.spyw
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/893148
Signature
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Yara Genericmalware
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a026d098163797c17ff2c9e6b61464b4dfe8defeb1dc557cc20b99ce5b4f9ea5/
Threat name:
Win64.Trojan.Fabookie
Create hunting rule
Status:
Malicious
First seen:
2021-11-20 11:58:18 UTC
AV detection:
21 of 28 (75.00%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
4cd754af5d3b9faa7e9626f79fccc35464224247a10f4d01ef502a0423e637a7
7a0fb647c62e46b48095bb37e4a4750288ad5d062f34121769acd94cb864a478
7be418280356c7dc0384328a50904f3cee364185aa7f99e127e511461cd6db5c
a3845d760f3394981f0e9b2330c279db0534befaaa17c67ded9b3dbd7b9e608f
b4a1afa93c65eba3ab6efeb4624dcc8d65dbdefefe682bb26a1e2d9aa94415bd
d788b085cc98c274abd24c4ac8d00f870297dc4f5b68684af8a5c328cc50beb4
dcf4ecc6d3b70a3e11077862b9e3830806191f0718eecb525a3e7d24246c0287
e34fc70bee3b2e9051e1115f1053aec2bbd3555a8d71600e90890662ea718ff1
+ 134 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware stealer
Link:
https://tria.ge/reports/211120-xcb8zsgbg7/
Behaviour
Looks up external IP address via web service
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
a026d098163797c17ff2c9e6b61464b4dfe8defeb1dc557cc20b99ce5b4f9ea5
MD5 hash:
a8d3943a8da4717bb569474900dbc703
SHA1 hash:
22590b55d37bb9b585347f855ba893e37d5a747b
Link:
https://www.unpac.me/results/029ce322-1804-4e6f-a1f7-aaf135750e27/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a026d098163797c17ff2c9e6b61464b4dfe8defeb1dc557cc20b99ce5b4f9ea5

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore
Create hunting rule
Author:ditekSHen
Description:Detects executables containing SQL queries to confidential data stores. Observed in infostealers

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe a026d098163797c17ff2c9e6b61464b4dfe8defeb1dc557cc20b99ce5b4f9ea5

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1802404/
Cape
Cape
https://www.capesandbox.com/analysis/207808/

Comments


Avatar
zbet commented on 2021-11-20 18:42:00 UTC

url : hxxp://tg8.cllgxx.com/sr21/rtst1045.exe